Shining a light on tech data exports

Earlier this month, DDTC published a new Consent Agreement with Bright Lights USA, Inc. of Barrington, New Jersey. This agreement alleges a variety of different ITAR violations, including technical data exports and failure to keep adequate records. Are these problems sufficiently addressed in your company’s export compliance program? As always, it’s important to take note, and then take action to implement corrections where needed.

Background on Bright Lights

Bright Lights has been in business since 1990. The company manufactures and distributes spare parts for the defense industry. This includes a wide array of parts for Army, Navy, Air Force and Marine applications, as well as turbine parts.

In its Proposed Charging Letter, DDTC alleged that the company’s business practice prior to February 19, 2013, was to create “redacted” versions of ITAR-controlled Technical Data for products it intended to outsource to foreign companies. Bright Lights supposedly redacted the Technical Data by removing any export control language and transferring the remainder of the drawing, in whole or part, to a new document. Bright Lights would then export this modified version of the drawing to foreign manufacturers. In other cases, Bright Lights would post the modified drawings online to solicit quotations from foreign suppliers. In either case, this resulted in an unauthorized export of Technical Data from a U.S. Person to a Foreign Person.

Technical data export violations abound

DDTC alleges that on 270 occasions between April 15, 2008, and April 15, 2013, Bright Lights sourced, or sought to source, ITAR-controlled parts from foreign vendors. On five occasions, the State Department alleged that Bright Lights exported ITAR-controlled Technical Data without the required license (“authorization”) from DDTC. Four of these instances were exports to manufacturers in China, a proscribed destination under the ITAR. The fifth export was to a manufacturer in India.

DDTC also charged Bright Lights with failure to maintain records for the five-year period required by 22 145 CFR § 122.5. Specifically, on January 7, 2016, the Department requested Bright Lights to provide documentation related to various outsourced manufacturing jobs, including an order placed with a Chinese manufacturer. While Bright Lights did provide some documentation related to Technical Data, payments and shipping information on finished products, it was unable to provide documentation of the actual Technical Data exports. One of the instances where required records could not be provided was an outsourced export to China.

Finally, DDTC also charged Bright Lights with unauthorized exports for: (1) items misclassified as EAR-controlled and exported without a license; (2) items misclassified as EAR-controlled and exported against a valid DDTC license issued pre-Export Control Reform; and (3) items misclassified and exported without authorization.

Controlling your data (and keeping it)

As a result of these charges and the Consent Agreement, Bright Lights will pay a penalty of $400,000 over the next two years. The company was spared from an administrative debarment for cooperating with DDTC.

It’s also worth noting that Bright Lights was not new to the business of exporting, having been registered with DDTC since 1992, and having received more than 530 ITAR licenses during the past seven years. Regardless, it appears that Bright Lights forgot (or ignored) at least two basic underpinnings of ITAR compliance:

ITAR-controlled Technical Data is still controlled, even after the removal of export markings or language. Simply redacting these markings does not change the fundamental nature of the data itself. Authorizations still must be obtained prior to exporting from U.S. Persons to Foreign Persons.

The ability to obtain export authorizations is a privilege and there are requirements even after licenses are obtained. One that’s frequently overlooked is the recordkeeping requirement of §122.5 (and other sections of the ITAR). Failure to keep these records, or make them available upon request by DDTC, can lead to problems.

A robust Export Compliance Program, combined with training, internal reviews, periodic external audits, and the disclosing of any violations can go a long way in saving a company from experiencing penalties, loss of business and a damaged reputation. As has been proven time and time again, the cost of proactively managing compliance is far less than the cost of ignoring it.

Do you need help evaluating or improving your company’s ITAR compliance? Our team of experts can help. Schedule a no-charge consultation today, and let us work with you to improve.